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10 RELATIONSHIP TO EXISTING APPLICATIONS 

The present application claims priority from US Provisional Application 
No, 60/223,432 filed 7 August 2000. 

FIELD OF THE INVENTION 
15 The present invention relates to the field of location filtering including 

geo-filtering. More specifically but not exclusively, the present invention 
relates to methods in which an online distributing entity such as an online shop 
and/or digital media content distributor can locate, identify and authenticate the 
regional location of a user, both in geographical and in network topology terms, 



20 



BACKGROUND OF THE INVENTION 
Online distribution entities, including digital commercial entities such as 
online shops, media distributors and / or digital content providers, operate in a 
global environment that extends very easily to a variety of geographical 
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locations. Connections via the Internet or any other global electronic network, 
may thus be assisted by the availability of authentic data concerning the 
identity of the potential user and / or consumer requesting electronic goods. 
Authenticating a potential or existing user / consumer's identity is a 
5 primary need for online vendors such as electronic stores or distributors of 
digital content Such authentication may be necessary in order to prevent 
fraud or simply desirable in order to enrich the site's accumulated database 
regarding a specific user and / or user group. 

Furthermore, (Jigital media distributors often face situations where 
1 0 distribution of digital media titles to users situated in different geographical 
zones may bear different implications. Such differences can be attributed to a 
number of sources as follows: 

The legal regime - this includes differing regulations such as differences 
in the copyright protection situation^ an item may for example be protected in 
1 5 one jurisdiction and not protected in another, or differences in content rating 
regimes- a situation in which an item permitted in one country is altogether 
banned in another. A further example concerns on-line gambling, which is 
treated differently under different jurisdictions, 

Linguistic differences - such differences may result in different 
20 requirements for sub-titles, or require the supplier to provide a specific 
language version. 

Electronic format differences - a difference in broadcast formats or 
encoding schemes etc, 
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Furthermore ? some business models involve the personalization of 
content in a manner such that a specific user receives only relevant content 
according to his or her requirements, location being one of the conditions that 
the personalization is meant to satisfy. 

5 In addition, the ability to geo-locate a potential consumer / user allows 

an electronic commerce vendor and / or digital media distributor to better 
manage a differential distribution policy that aligns with their business and / or 
marketing strategy, A distributor may for example have separate distribution 
agreements for different regions, in which case misdirected digital media 

10 content and / or electronic goods may cause a violation of the distributor's 
commercial agreements with local vendors, or the distributor may be part of an 
agreement in which profits from a certain geographical location have to be 
shared with a local vendor. Such an arrangement is common for example in 
cases where a local vendor takes responsibility for advertising within his 

15 designated domain, 

Another aspect of geo-locating of a user concerns virtual network 
topology. Distributors of digital media content responding to a user and/or 
subscriber's order, seek the most efficient way to reach the consumer, trying to 
avoid as many waypoints or network nodes as possible. Minimisation of 

20 network nodes is desirable as costs may be related to transmitting data through 
mediators such as ISP's. That is to say the ISP's may debit the distributor, so 
that connecting to a user through several ISPs in order to download media 
content may render the transaction uneconomical for the distributor. Such is 
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particularly the case with distr ibutors of video-on-demand type content, which 
is very data intensive, It is in the distributors interest therefore, to identify the 
user's network location in advance. 

Previous attempts to address the need for geolocatioa give partial 

5 solutions to the problem: US patent No, 6,108,703 describes a network 
architecture or framework that supports hosting and content distribution on a 
global scale. The framework allows a content provider to replicate and serve 
its most popular content from an unlimited number of points Throughout the 
world. The framework comprises a set of servers operating in a distributed 

10 maimer. The actual content to be served is preferably supported on a set of 
host servers, sometimes referred to as ghost servers. The content may typically 
comprise HTML page objects that, conventionally* are served from a Content 
Provider site, In accordance with the invention, however, a basic HTML 
document portion of a Web page is served from the Content Provider's site 

1 5 while one or more embedded objects for the page are served from the hosting 
servers, preferably those of the hosting servers that are near to the client 
machine. By serving the basic HTML document from the Content Providers 
site, the Content Provider maintains control over the content. 

The citation, however, relates to only one facet of the problem, namely 

20 to the allocation of online resources, and does not describe any procedure for 
extracting geographic information about users. 
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Other methods for Geo-locating of a user include locating a user by 
analyzing source IP retrieved from packets at the server side, a method that can 
lead to errors due to uncertain or otherwise ambiguous network topologies. 
Another mode of operation consists on having the information willingly 
5 disclosed by the user, a method that is highly insecure and relies solely on the 
user's integrity. 

Other known methods of retrieving a user's geographical location may 
conflict with user privacy concerns. 

A method in which the true regioml location of a potential consumer 
10 and / or user can be extracted may be very useful for electronic commerce as a 
whole, Demand for such a method encompasses not only online stores but al$o 
applies to video-on-demand vending and the distribution of content by cable or 
satellite. 

The apparatus and methods disclosed herein may solve the drawbacks of 
1 5 the above-mentioned prior art by suggesting innovative, more robust (in terms 
of identifying an accurate location) methods of geo-location of the on-line user. 
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SUMMARY OF THE INVENTION 
Embodiments of the present invention provide apparatus and methods 
for extracting the geographical and/or virtual location of an Internet user, 
requesting for example goods or services or other interactions. 
5 A preferred embodiment of the present invention is based on locating 

the DNS identification of the ISP through which the user is connected, 

The apparatus and method may provide online entities with a tool to 
prevent fraud, or to avoid or manage the implications of wrongly directed 
goods, More generally it may provide an aid for business management and 
10 likewise may serve as a tool for network resource management. 

According to a first aspect of the present invention there is provided 
apparatus for determining a location of a user client in an electronic interaction 
with a server over a network having a plurality of nodes at different locations, 
the apparatus comprising: 
1 5 a network node data gatherer for obtaining from the vicinity of said user 

client network node information, and 

a network node data correlator for correlating said network node 
information with a network node location map, thereby to provide said server 
with a location for said user client 
20 In a preferred embodiment, the apparatus further comprises a digital 

media distributor associated with said network data correlator and operable to 
use said location to govern digital media distribution to said user client. 
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In a preferred embodiment, the apparatus further comprises a location 
confirmation unit for separately detennining that said location provided by said 
client network node information is part of a current communication path to said 
user client, 

5 Preferably, said network node location map is a map of said network and 

said client network node information is an identification of an Internet gateway 
used by said user client. 

Preferably, said identification of said Internet gateway is an IP address 
of said gateway. 

1 0 Preferably, said network node data gatherer comprises a request inducer 

unit for causing said user client to request a connectible entity from the server, 
and wherein said network node data gatherer is operable to intercept network 
node data from said Internet gateway following said request 
Preferably, said connectible entity is a loadable entity, 

15 Preferably, said loadable entity is web browser loadable entity. 

In a preferred embodiment, the apparatus further comprises a host name 
assignor for assigning a host name to said connectible entity for each user client 
request, thereby to cause said Internet gateway to reveal its identity whilst 
attempting to locate said hostname. 

20 Preferably, said host name is a unique host name for each user client 

request. 
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In a preferred embodiment, the apparatus further comprises a master 
DNS, said master DNS being operable to give out to said user client an IP 
address upon requesting by said user client. 

In a preferred embodiment, the apparatus further comprises at least one 
5 secondary DNS. 

Preferably, said connectible entity is assignable a unique host name for 
each transaction request. 

Preferably, said loadable entity is a web page. 

Additionally or alternatively, said loadable entity is a web page 
10 component. 

Additionally or alternatively, said loadable entity is an image. 

Additionally or alternatively, said loadable entity is a loadable 
executable module. 

Preferably, said correlator is operable to coirelate a received ISP DNS 
15 with a user client request using said hostname. 

Preferably, said map comprises physical location data of network nodes. 

Additionally or alternatively, said map comprises topological location 
data of network nodes. 

In a preferred embodiment, the apparatus further comprises a service 
20 level controller for selecting service criteria to be provided to said user client 
based on said physical location. 

A preferred embodiment is operable to log a physical location related to 

a sale. 
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A preferred embodiment is operable to associate alarms with 
predetennined physical locations. 

A preferred embodiment is arranged to access a geographically arranged 
database, thereby to associate service criteria with predetermined physical 
5 locations. 

A preferred embodiment is arranged to access a geographically arranged 
database, thereby to associate alarms and service criteria with predetermined 
physical locations. 

Preferably, said service criteria comprise criteria to conform with 
1 0 location-based legal restrictions. 

Preferably, said service criteria comprise criteria to conform to location- 
based contractual restrictions, 

Preferably, said service criteria comprise criteria to conform to location- 
based commercial restrictions. 
15 In a preferred embodiment, the apparatus further comprises a service 

level controller for selecting service criteria to be provided to said user client 
based on said topological location. 

In a preferred embodiment, the apparatus further comprises a routing 
controller for controlling routing to said user client based on said topological 
20 location. 

In a preferred embodiment, the apparatus further comprises a request for 
a user telephone number, said apparatus being operable to confirm contact via 
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said telephone number by giving a user a identification for looping using said 
user client and a connection made using said telephone number, 

Preferably, said map comprises a physical map of said telephone 
network, usable to correlate a physical location to a telephone number. 
5 Preferably, the network node data gatherer comprises a request for the 

user to contact a telephone number, said apparatus being operable to confirm 
contact via said telephone number by giving a user an identification for looping 
back to said apparatus using said user client and a connection made using said 
telephone number. 

] 0 Preferably, said map is a physical map of said telephone network, usable 

to correlate a physical location to a telephone number. 

In a preferred embodiment, the apparatus further comprises an 
authentication unit operable to obtain a modem telephone number of said user 
client, thereby to attempt to establish contact with said user client. 
15 In a preferred embodiment, the apparatus further comprises an 

authentication unit contactable by the modem of said user client, thereby to 
attempt to establish contact with said user client. 

In a preferred embodiment, the apparatus further comprises an 
authentication unit operable to obtain a modem telephone number of said user 
20 client and to determine that contact is established with said user client using 
said given modem number. 

Preferably said authentication unit is operable to send authentication 
information via said connection for return via said network connection. 
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Preferably, said authentication unit is operable to send authentication 

information via said connection for return via said network connection, 

Additionally or alternatively, the authentication unit is operable to send 

authentication via said network for return via said direct connection, 
5 Additionally or alternatively, said authentication unit is operable to send 

authentication via said network for return via said direct connection, 
In a preferred embodiment, the apparatus further comprises: 
trace routing functionality for determining a network node distance and 

route of a user client by sending and attempting to receive response messages 
1 0 having varied time to live values, 

In a preferred embodiment, the apparatus further comprises combining 

trace routing from several locations to the user in order to enhance accuracy 

and gather more information. 

In a preferred embodiment, the apparatus further comprises a correlator 
1 5 for correlating between said determined location and said determined network 

node distance and route- 
Preferably, said network node data gatherer comprises a connectible 

entity for carrying out trace routing to said server from said user client and 

sending results of said trace routing to said server. 
20 Preferably, said network node data gatherer comprises a software agent 

locatable at a network access node. 

Preferably, said network access node is a digital network access node. 
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Preferably, the digital network access node is a digital line access 
multiplexer. 

Preferably, said network node is an internet service provider comprising 
a plurality of servers and said network node data gatherer comprising 
5 functionality to determine additional information of said user client from an 
individual one of said plurality of servers with which it connects, 

Preferably,, said network node data gatherer is operable to obtain said 
additional information by correlating with a user database of the Internet 
service provider. 

10 In a preferred embodiment, the apparatus further comprises a database 

builder for building a database of user clients to correlate obtained location data 
with other data concerning said user clients. 

In a preferred embodiment, the apparatus further comprises a line 
measuring unit for measuring connection line qualities, thereby to obtain said 
1 5 location information. 

In a preferred embodiment, the line measuring unit further comprises a 
connection comparison unit for comparing line qualities of different 
connections* 

Preferably, the qualities include; signal to noise ratio, specific frequency 
20 attenuation, end path delay, echo characteristics, delay variance, and 
compression artifacts. 

According to a second aspect of the present invention there is provided a 
method for determining a location of a user client in an electronic interaction 
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with a server oyer a network having a plurality of nodes at different locations, 
the mettiod comprising; 

obtaining, from the vicinity of said user client, network node 
information, and 

5 correlating said network node information with a network node location 

map, thereby to provide said server with a location for said user client. 

Preferably, the method further comprises separately determining that 
said location provided by said client network node information is part of a 
current communication path to said user client. 
1 0 Preferably, said client network node information is an identification of 

an Internet gateway used by said user client. 

Preferably, said identification of said Internet gateway is a DNS of said 
gateway. 

Preferably, the method further comprises 
15 causing said user client to request a connectible entity from the server, 

and 

intercepting network node data from said Internet gateway following 
said request. 

Preferably, the method further comprises assigning a host name to said 
20 connectible entity for each user client request, thereby to cause said Internet 
gateway to attempt to locate said hostname and reveal it$ identity in the cours* 
thereof. 
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Preferably, said assigning a host name comprises assigning a imique 
host name. 

Preferably, said method comprises said master DNS giving to said user 
client an IP address upon requesting by said user client. 
5 Preferably, said server further comprises at least one secondary DNS 

being operable to provide IP addresses to said user client 

Preferably, the method further comprises assigning to said connectible 
entity a host name for each transaction request. 

Preferably, the method further comprises providing a unique host name 
1 0 for each user client for each session- 

Preferably, said loadable entity is a web page. 

Additionally or alternatively, said loadable entity is an image, 

Additionally or alternatively, said loadable entity is a loadable 
executable module. 

1 5 Additionally or alternatively, said loadable entity is a web component, 

Preferably, the method further comprises correlating a received ISP 
DNS with a user client request using said host name. 

Preferably, said map comprises physical location data of network nodes. 
Additionally or alternatively, said map comprises topological location 
20 data of network nodes. 

Preferably, the method further comprises selecting service criteria to be 
provided to said user client based on said physical location. 
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Preferably, the method further comprises logging a physical location 
related to a sale* 

Preferably, the method further comprises associating alarms with 
predetermined physical locations. 
5 Preferably^ said service criteria comprise criteria to conform with 

location-based legal restrictions. 

Preferably, the method further comprises selecting service criteria to be 
provided to said user client based on said topological location, 

Preferably, the method further comprises controlling routing to said user 
10 client based on said topological location, 

Preferably, the method further comprises making a request for a user 
telephone number, said method being operable to make contact using said 
telephone number to give a user a identification for returning via said user 
client, said map being a physical map usable to correlate a physical location to 
15 a telephone number- 
Preferably, the method further comprises making a request for a user 
telephone number, said method being operable to verify contact via said 
telephone number by giving a user a identification via said network for 
returning via a direct connection using said telephone number, said map being a 
20 physical map usable to correlate a physical location to a telephone number. 

Preferably, the method further comprises the step of obtaining a modem 
telephone number of said user client, thereby to attempt to establish contact 
with said user client 
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Preferably, the method further comprises requesting the user to contact a 
telephone number, thereby to confirm contact via said telephone number by 
giving a user an identification for looping back using said user client and a 
connection made using said telephone number. 
5 Preferably, the method further comprises an authentication stage of 

receiving a connection from the modem of said user client, thereby to attempt 
to establish contact with said user client. 

Preferably, the method further comprises sending authentication 
information via said connection for return via said network connection. 
10 Preferably, the method further comprises sending authentication via said 

network for return via said direct connection. 

Preferably, the method further comprises: 

trace routing functionality for determining a network node distance and 
route of a user client by sending and attempting to receive response messages 
1 5 having varied time to live values, 

and correlating between said determined location and said determined 
network node distance. 

Pref erabtyj the method further comprises sending a loadable entity to 
said receiving client for carrying out trace routing to said server from said user 
20 client and sending results of said trace routing to said server. 

Preferably, the method further comprises locating a software agent at a 
network access node to gather data of a receiving client connecting via said 
node. 
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Preferably, said network access node is a digital network access node, 
Preferably, the digital network access node Is a digital line access 
multiplexer. 

Preferably, said network node is an internet service provider comprising 
5 a plurality of servers, the method further comprising determining additional 
Information of said user client fir om an individual one of said plurality of 
servers with which it connects. 

Preferably, the method further comprises obtaining said additional 
information by correlating with a user database of the Internet service provider. 
10 Preferably., the method further comprises building a database of user 

clients to correlate obtained location data with other data concerning said user 
clients. 

Preferably, said network node infonnation is obtained in response to an 
interaction request from said user client and comprising a step of correlating 
1 5 said network node information with said interaction request by sending said 
u^er client a hostname to use in a data request with said network node 
information. 

According to a third aspect of the present invention there is provided 
apparatus for determining a location of a user client in an electronic interaction 
20 with a server over a network having a plurality of nodes at different locations, 
the apparatus comprising: 

a network node data gatherer for obtaining from the vicinity of said user 
client network node information and 
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a network node data correlator for correlating said network node 
information with a network node location map, thereby to provide said server 
with a location for said user client, 

and wherein said network node location map is a map of said network 
5 and said client network node information is an identification of an Internet 
gateway used by said user client 

In a preferred embodiment, the apparatus further comprises a digital 
media distributor associated with said network data correlator and operable to 
use said location to govern digital media distribution to said user client. 
10 In a preferred embodiment, the apparatus further comprises a location 

coiifinnation unit for separately determining that said location provided by said 
client network node information is part of a current communication path to said 
user client, 

Preferably, said identification of said Internet gateway is an IP address 
15 of said gateway. 

Preferably, said network node data gatherer comprises a request inducer 
unit for causing said user client to request a connectible entity from the server, 
and wherein said network node data gatherer is operable to intercept network 
node data from said Internet gateway following said request. 
20 Preferably, said loadable entity is a browser loadable entity. 

In a preferred embodiment,, the apparatus further comprises a host name 
assigner for assigning a host name to said connectible entity for each user client 



18 



7.PU G . 2001 20:3B EHRLICH & PARTNERS 972-3-6127575 N0 . 954 p25 



request, thereby to cause said Internet gateway to reveal its identity whilst 
attempting to locate said hostname. 

Preferably said host name is a unique host name for each user client 
request. 

5 In a preferred embodiment, the apparatus further comprises a master 

DNS, which gives out to said user client an IP address upon requesting by said 
user client. 

In a prefeired embodiment, the apparatus further comprises at least one 
secondary DNS. 

10 Preferably, said connectible entily is assignable a unique host name for 

each transaction request. 

Preferably^ said loadable entity is a web page. 
Additionally or alternatively, said loadable entity is a web page 
component, 

1 5 Additionally or alternatively, said loadable entity is an image. 

Additionally or alternatively, said connectible entity is a loadable 
executable entity. 

Additionally or alternatively, said loadable entity is a loadable 
executable module. 

20 Preferably, said correlator is operable to correlate a received ISP DNS 

with a user client request using said host name. 

Preferably, said map comprises physical location data of network nodes. 
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Preferably, said map comprises topological location data of network 

nodes. 

In a preferred embodiment, the apparatus further comprises a service 
level controller for selecting service criteria to be provided to said user client 
5 based on said physical location* 

The apparatus is preferably operable to log a physical location related to 

a sale. 

A preferred embodiment is operable to associate alarms with 
predetermined physical locations. 
10 A preferred embodiment is arranged to access a geographically arranged 

database* thereby to associate service criteria with predetermined physical 
locations. 

A preferred embodiment is arranged to access a geographically arranged 
database, thereby to associate alarms and service criteria with predetermined 
1 5 physical locations. 

Preferably, said service criteria comprise criteria to conform, with 
location-based legal restrictions. 

Additionally or alternatively, said service criteria comprise criteria to 
conform to location-based contractual restrictions, 
20 Additionally or alternatively, said service criteria comprise criteria to 

conform to location-based commercial restrictions. 
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In a preferred embodiment, the apparatus further comprises a service 
level controller for selecting service criteria to be provided to said user client 
based on said topological location* 

In a preferred embodiment^ the apparatus further comprises a routing 
5 controller for controlling routing to said user client based on said topological 
location. 

According to a third aspect of the present invention there is provided 
apparatus for determining a location of a user client in an electronic interaction 
with a server over a network having a plurality of nodes at different locations, 
1 0 the apparatus comprising: 

a network node data gatherer comprising a request for a user telephone 
number, 

a network node data correlator for correlating said user telephone 
number with a physical map of said telephone network, said map being usable 

15 to correlate a physical location to a telephone number network node location 
map, thereby to provide said server with a location for said user client, and ' 

a digital media distributor associated with said network data correlator 
and operable to use said location to govern digital media distribution to said 
user client, said apparatus further comprising an authentication unit being 

20 operable to confirm contact via said telephone number by giving a user an 
identification for looping around said network and said user client and a 
connection made using said telephone number. 
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Preferably, said authentication unit is operable to obtain a modem 
telephone number of said user client, thereby to attempt to establish contact 
with said user client. 

Preferably*, said authentication unit is operable to obtain a modem 
5 telephone number of said user client and to determine that contact is 
established with said user client using said given modem number. 

Preferably, said authentication unit sends authentication information via 
said direct connection for return via said network connection. 

Additionally or alternatively, said authentication unit sends 
1 0 authentication via said network for return via said direct connection. 

In a preferred embodiment, the apparatus further comprises a line 
measuring unit for measuring connection line qualities, thereby to obtain 
confirmation of said location- 

Preferably,, said line measuring unit comprises a connection comparison 
1 5 unit for comparing line qualities of different connections. 

Preferably, said qualities include any ones of a group comprising: signal 
to noise ratio, specific frequency attenuation, end path delay, echo 
characteristics, delay variance, and compression artifacts. 

In a preferred embodiment, the apparatus further comprises an interface 
20 for interfacing to a telephone number resolving system, thereby to obtain 
service level conditions associated with particular telephone numbers, 

Preferably, said network node data gatherer comprises a request for the 
user to contact a telephone number, said apparatus being operable to confirm 
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contact via said telephone number by giving a user an identification for looping 
back to said apparatus using said user client and a connection made using said 
telephone number. 

In a preferred embodiment, the apparatus further comprises an 
5 authentication unit contactable by the modem of said user client, thereby to 
attempt to establish contact with said user client 

Preferably, said authentication unit sends authentication information via 
said connection for return via said network connection, 

Additionally or alternatively, said authentication unit sends 
1 0 authentication via said network for return via said direct connection. 

According to a further aspect of the present invention there is provided 
apparatus for detennining a location of a user client in an electronic interaction 
with a server over a network having a plurality of nodes at different locations, 
the apparatus comprising: 
15 a network node data gatherer for obtaining from the vicinity of said user 

client network node information, 

a network node data correlator for correlating said network node 
information with a network node location map, thereby to provide said server 
with a location for said user client, 
20 trace routing functionality for determining a network node distance and 

route of a user client by pending and attempting to receive response messages 
having varied time to live values. 
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and a second correlator for correlating between said determined location 
and said determined network node distance. 

According to a further aspect of the present invention there is provided 
apparatus for determining a location of a uper client in an electronic interaction 
5 with a server over a network having a plurality of nodes at different locations, 
the apparatus comprising: 

a network node data gatherer for obtaining from the vicinity of said user 
client network node information, and 

a network node data correlator for correlating said network node 
1 0 information with a network node location map 9 thereby to provide said server 
with a location for said user client, 

and wherein said network node data gatherer is a software agent for 
placing at least one of said plurality of nodes. 

Preferably, said network access node comprises a digital network access 

15 node, 

Preferably, said digital network access node comprises a digital line 
access multiplexer. 



BRIEF DESCRIPTION OF THE DRAWINGS 
20 For a better understanding of the present invention, and to show how the 

same may be carried into effect, reference will now be made to the 
accompanying drawings, in which: 
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Fig. 1 is a simplified block diagram of apparatus for geo-filtering of 
nser clients using ISP DNS IP address data, according to a first embodiment of 
the present invention, 

Fig. 2 is a simplified block diagram showing apparatus for carrying out 
5 a correlation procedure for the embodiment of Fig. 1 „ 

Fig, 3 is a simplified block diagram showing apparatus for geo-filtering 
using telephone callback according to a second embodiment of the present 
invention, 

Fig. 4 is simplified block diagram showing apparatus for geo-filtering 
1 0 using IP location according to a third embodiment of the present invention, and 

Fig, 5 is a simplified block diagram showing apparatus for geo - 
filtering of users connected to a computer network by a digital subscriber line, 
according to a fourth embodiment of the present invention. 



15 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

An Internet user approaching an online store or digital media provider 
generally does so through the DNS (Domain Name Server) of an ISP (Internet 
service provider). The user may then be provided a specific IP number, 
provided by the DNS for the specific session only. As the IP number is random 

20 and changes, in most cases it cannot be used to identify the user. The DNS, 
however, does have a fixed IP number, and all such DNS IP addresses are 
public knowledge. The DNS itself is thereby traceable via its distinct IP 
address. The method described herein prompts the ISP's DNS to provide its 
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0"wn IP address to the online vendor's site, following a user request to perform 
an online transaction, or any other interaction as desired, Furthermore, the ISP 
itself is able to identify any of its users connecting to the Internet by correlation 
of entry log data from the DNS with the I£3P's user database. Such an ability 

5 may be useful when further identification of a specific user is needed. 

Reference is now made to Fig. 1 , which is a simplified diagram of a first 
embodiment of the present invention. In a session of electronic shopping or 
similar kind of interaction between an electronic entity or vendor 1 01 and a 
user / consumer 102, the user / consumer is redirected by the electronic entity 

10 101 to a page, or to a module within a page or any element that is loadable or 
conlactable by the consumer, denoted in Fig. 1 as hostname object 110. The 
element or object preferably contains in its address a host name composed of 
symbols. The address object preferably conforms to the standards of existing or 
future BIND infrastructure. The user / consumer's browser may be required to 

1 5 load object 1 1 0 additionally or alternatively to the above mentioned redirection. 

The host to which the user's / consumer is directed may for example be 
an electronic shop belonging to a commercial domain, or to any other domain, 
provided that the domain conforms to the BIND specifications. Preferably, the 
domain has a master DNS 104 and may additionally have one or more 

20 secondary DNSs. The host name is preferably but not necessarily unique for 
each user $ession and thus new to the user's / consumer's ISP DNS (1 05). It 
may, for example, be composed of a random string of symbols, a string 
representing a serial number or an ordered string, an encoded user ID, a 
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sequential or encoded sequential number, a semi-random number stored in the 
electronic shop's database or any other option that complies with BIND 
specifications. 

The redirection preferably serves to direct the consumer's browser to a 

5 new page, whether automatically as the user's browser's response to the new 
page or following a request by the server or as a result of a request 1 06 by the 
consumer 102. As is common procedure the user client may request the actual 
IP address of the host specified in the new page address from the DNS 
configured on his system by the ISP 107, 

1 0 The host name, having been randomly selected, is thus likely to be new 

to the ISP DNS 103. The ISP DNS 103 is therefore caused to issue a series of 
queries to other DNS servers in an effort to locate the master DNS for the 
domain to which the requested host belongs, in a DNS query 1 08, or 
alternatively to locate a secondary DNS thereof. When located, the ISP DNS 

15 103 queries the located master or secondary DNS for the address - all 
according to BIND specifications. 

When the master or secondary DNS receives the query, the master or 
secondary DNS preferably replies to the query with a single IP address, in 
contrast to the procedure specified by the BIND specifications in which queries 

20 for unknown hosts are rejected . The master or secondary DNS may also reply 
with any IP that the store wishes it to reply with or may refrain from reply 
altogether, The IP address used in the reply may belong to the operator of the 
method or to any other entity such as the operator of the method deems 
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appropriate, and the reply containing the IP address preferably looks like a 
standard DNS reply for the requested host. The master or secondary DNS 
preferably notes the IP of the ISP DNS 103, which is included in the request, in 
its data store or any other storage medium and / or may transmit this 
5 information or part thereof to the vendor 101. 

The ISP DNS 1 03 then preferably returns the IP received from the 
master or secondary DNS to the user, which may then proceed to retrieve the 
page, or an object therein, according to BIND specifications and in the usual 
way. 

10 The operator of the method may now compare the IP address of the ISP 

DNS noted in the data store, with the unique host name provided to the specific 
user in the specific session with which the request was made, and reference is 
now made to Fig- 2, which is a simplified diagram showing apparatus, 
preferably but not necessarily for location at the vendor 1 01, for carry ing out 

1 5 correlations to determine geo-location, that is the physical or topological 
location of the user client from the received ISP DNS IP address. It will be 
appreciated that similar correlation apparatus is applicable to the later 
embodiments- Parts that are the same as those in previous figures are given the 
same reference numerals and are not described again except as necessary for an 

20 understanding of the present embodiment 

An obtained ISP DNS IP address is input to system 203 for analysis. 
The address is passed to a correlation module 204 where it is correlated firstly 
with the user client making the request and secondly with a database 205 to 
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give an output of the location (physical or topological) of the ISP, as discussed 
in more detail below. 

The apparatus shown in Fig. 2 preferably enables the operator of the 
method to correlate the received ISP DNS IP address with a specific user, 
5 whether existing in the store's data store or new to the operator of the method. 
By knowing the ISP DNS IP address the operator of the method may detennine 
the ISP DNS location, as the IP address thereof is a fixed address and 
corresponding ISP identities are readily obtainable. By collating the location 
information with the session 1 02, the operator is preferably able to detennine 

10 the user's location at the time of the session. 

In a further preferred embodiment of the present invention a system 
may correlate the ISP DNS IP address with the user/consumer identity and 
cany out operations according to the electronic vendor's instructions* such as 
directing distribution resources, adjusting the content provided to the consumer, 

1 5 adjusting the dialogue with the user / consumer, preventing the transaction 
altogether etc, Such activities are specifically useful for distributors of video- 
on-demand and digital content 

A vendor 101 receives an interaction request from a user 102 via the 
20 Internet or like electronic connection. The user 102 connects via DNS 103 
databaseand a random host of his internet service provider or ISP 107, The 
vendor has his own DNS 104. As will be described below, the user 102 is 
persuaded to give to the vendor 101 the IP address of his ISP 103. 
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That is to say, to obtain the IP address of ISP 103 s as part of the 
interaction, the user / consumer 102 is preferably directed by the site of the 
vendor 101 to a page, or to a module within the current page or to any element 
usable with the consumer's browser, which preferably contains in its address a 

5 host name composed from symbols under the constraints of existing or future 
BIND standard infrastructures. Reference is now made to Fig. 3, which is a 
simplified block diagram showing a further embodiment of the present 
invention. In the embodiment of Fig. 3 ? geo-filtering of clients for a digital 
multimedia distribution system, such as digital video-on-demand, is performed 

1 0 by the use of a telephone, in a procedure as follows; 

As illustrated in Fig, 3, the client / consumer 301 contacts the vendor 
302, with a request to purchase 303. The vendor then requests the client's 
telephone number and calls him back 304 using the supplied telephone number. 
As the client answers the call, the vendor then provides him / her with a 

15 temporary password 306 and asks him / her to provide a certain signal, e.g., by 
punching the temporary random password on the telephone using the 
telephone's key-pad 305. The client types the password he is shown 307, and 
hangs up. The vendor then uses the client's telephone number to identify the 
client's geo4ocation from the telephone exchange 308,309, after which the 

20 vendor may transfer the content to the client 310. 

The method relies on the principle that, much like the broadcast radius 
of a TV station, a telephone exchange also has a limited geographical range for 
the customers it serves, and the exchange number is easily derived from a 
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telephone number by taking the first few digits from the number. The method 
does not apply however 3 directIy to cellular telephones, where the number does 
not generally indicate a physical location, although it may be used in 
conjunction with other methods. 

5 In cases such as the aforementioned cellular telephones, but also in AIN 

applications etc. where the phone number does not in itself reveal the location 
of the user with the required accuracy or at all, an interface may be set up, 
either online or offline, to an entity or database holding correlating information 
for example of suspect mobile telephone numbers whose custom is best 

10 avoided. 

In addition, advanced methods, for estimating the other party's location 
by using measurable qualities of the connection, may be used in order to 
establish or verify the location and /or to increase the precision of the 
localization. Such qualities may include signal to noise ratio, specific 
1 5 frequency attenuation, end path delay, echo characteristics, delay variance, 
compression artifacts, and other similar qualities depending on the media 
involved. 

That is to say, quality measurement may be carried out via several such 
connections, in order to gather more information, and / or in order to discern or 
20 verify with greater accuracy 3 by correlating the information, the approximate 
location of the other party involved, preferably by correlating information from 
several sources (e.g^such as connecting the user from multiple phone numbers, 
or phones which are near the location of the other party). 
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Additionally, the 'Caller ID' attribute may be used, in order to either 
replace or be added to the above-described method, in order to improve the 
resolution of the Geo-Location. The method is also applicable to businesses 
that do not conduct business over the Internet. 

5 In a further embodiment, the user, or the user client's modem, may be 

prompted to contact a telephone number(or numbers) or otherwise contact an 
authenticating entity of his service provider, in order to perform the 
aforementioned authentication. 

In addition, authentication information, or other information, which is 

1 0 required to be used in the transaction^ could be passed in the modem 

connection. Reference is now made to Fig, 4, which is a simplified diagram 
showing a further embodiment of the present invention, in which geo-filtering 
for clients of digital multimedia distribution system, such as digital video-on- 
demand, is performed by use of an IP (Internet Protocol) location method in a 

1 5 procedure as follows: 

A t^ser/clienfs request 401for a service, that is to say a request for a 
transaction or other interaction ag discussed above, is sent to the vendor etc. 
On the way it may be intercepted by a device or agent 402, which may 
typically be a hardware unit with sniffer-type software or the like, combined 

20 with an analysis program, the analysis program being specific to the 

geolocation purpose. Alternatively, use may be made of a unit provided for 
oilier purposes, in which case the sniffer and analysis software may be in the 
form of a plug-in, or may piggy-back over existing software and/or hardware. 
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In addition, other sniffing methods known to the skilled man may be 
considered, for example providing a software agent or any similar method, 
provided that the method involves sniffing functionality that resides at the 
client's ISP 403. 

5 The agent may be for example a computer with dedicated software* 

which identifies the geo4ocation of the subscriber by associating an IP 
connection with a particular ISP. The method relies on the property by which 
ISP users are usually located in the vicinity of the ISP's POP (point of 
presence), as using an ISP that is geographically close to the customer increases 

1 0 throughput and reduces costs for the user, 

The device or agent 402 then communicates with the vendor / policy 
server 404. As the vendor knows the location of the agent (Le, its ISP and the 
geographical position of the point of presence), the vendor can extract the 
client's location by correlating the data and may handle the request 

1 5 appropriately. It is thus possible to associate a specific customer with a 
geographical location. 

To eliminate the possibility of users being able to give out false IP 
addresses and / or to verify the information extracted, the agent may send the 
user or client ping messages each set with a Time To Live (TIL). Successive 

20 messages have successively increasing TTLs, preferably increasing by 1 for 
each occurrence and starting from 1 ( The sender is able to deduce, from the 
first ping that returns to him, the number of hops / routers from the agent's 
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location to the client Such a method is sometimes referred to as Trace Routing 
and is well-known in the art 

In a further preferred embodiment of the present invention geo-filtering 
for distribution of digital content is performed by Internet route identification 

5 as follows: the consumer / user contacts the vendor regarding content to be 
delivered to his/her computer, in the usual way. The vendor requires that a 
small application is loaded and run on the client's computer. The application 
preferably implements the trace routing algorithm described above, -which was 
originally implemented by Van Jacobson, in order to check the Internet route 

10 between the vendor and the user / consumer. After collecting the route 

information, the application preferably sends that information to the vendor, 
which, in turn, uses it to identify the Internet service provider (ISP) for the 
client, hence deducting its location. As it identifies the router closest to the 
client, the method may also be used to map the network topology within the 

15 ISP (with the aid of the ISP). 

Reference is now made to Fig, 5 S which is a simplified diagram showing 
a further embodiment of the present invention. The embodiment of Fig, 5 is 
particularly useful for geo-location of users 501 that are connected to a 
computer network, such as the Internet, via Digital Subscriber Line (DSL). 

20 The method uses a software agent 502 located at a Digital Subscriber Line 

Access Multiplexer (DSL AM) 503 . The software agent can collect information 
regarding the end-user, such as his or her telephone number and a respective 
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DSL ID number, that may thereafter be used for geo-Iocation and 
authentication by the vendor's system 504. 

In a further embodiment of the present invention, a system making use 
of information extracted by the system as described above, combined with 
5 other sources of information and / or methods of extraction, may determine 
other properties of the user / consumer and / or may even identify the user / 
consumer. 

In another embodiment, the system may correlate information about the 
ISP DNS ? to determine the user's physical location, by correlating the ISP's 

1 0 identity with information about the location of the particular server of the ISP 
that the user is using. 

In another embodiment of the present invention the identification 
features described above may be applied to an entity other than an electronic 
shop and may be used for purposes other than those of electronic commerce. 

15 Another embodiment of the present invention may be used for building 

an information base to aid. other location methods by correlating the data 
extracted from it with other known data and or properties of the user / 
consumer, 

In another embodiment the system or method may be applied as an aid 
20 in managing and optimizing online distribution resources for online vendors of 
digital goods, by locating the most efficient route to the user / consumer and / 
or directing the act of distribution or any other interaction to a server nearer to 
the consumer / user. 
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In addition, the system or method may be used by sites and / or vendors 
to improve interaction with their online users / consumers, whether subscribed 
or randomly accessing the site / electronic shop. 

A further preferred embodiment of the present invention may provide an 
5 information source for strategic decision making for online businesses such as 
the allocation of marketing efforts and resources, mapping the business 
environment etc, 

In addition to applications described above, the system may provide an 
administrative tool for businesses working under geographically affected legal 

1 0 limitations such as content rating in digital media distribution, copyright issues, 
and contractual and / or commercial limitations due to distribution agreements. 
All of the above issues may have implications for the distribution efforts of an 
online vendor. Furthermore, the method or system may be used as an 
instrument to carry out the vendors and / or user / consumer distribution policy. 

15 The method or system may also be applied in the present context to store 

previously gathered data on ISP DNS IP addresses, so as to alert the vendor if a 
request originates from a pre-designated area which is of importance to the 
vendor. 

In a further embodiment of the present invention the system or method 
20 may provide for a revenue sharing tool between an electronic store / vendor / 
content site and it's affiliates, by correlating information about the consumer 
with the areas designated for affiliates s for identification and / or authentication. 
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It is appreciated that features described only in respect of one or some of 
the embodiments are applicable to other embodiments and that for reasons of 
space it is not possible to detail all possible combinations. Nevertheless, the 
scope of the above description extends to all reasonable combinations of the 
5 above described features. 

The present invention is not limited by the above-described 
embodiments, which ait given by way of example only. Rather the invention 
is defined by the appended claims. 
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